Hackers may already be secretly running company computer systems because firms
are too complacent and falsely believe they are protected, the head of GCHQ
warned yesterday.

Iain Lobban, director of the intelligence agency, said too many businesses have “misplaced” confidence over their security against cyber attacks and need to take the threat more seriously.

He said some may not realise their systems have already been compromised, sensitive information stolen or even have their entire network until the control of criminals.

The agency revealed one, unnamed, security firm that ran large Government contracts went bankrupt after hackers released sensitive emails and data.

Another, a world leading pharmaceutical company, had a five-year, £1 billion product research programme compromised after the data was stolen in a cyber attack and allowed a cheaper rival product to hit the market before it was launched.

Mr Lobban told business leaders last night that the size and pace of cyber attacks was now at an unprecedented level and threatened the UK’s economic security.

His warning came as GCHQ and the Government launched a new advice pack for businesses on how best to protect themselves from cyber crime.

In June, Jonathan Evans, the Director General of MI5, said the “astonishing” level of cyber attacks from enemy states and criminals were threatening government secrets and businesses.

In a foreword to the new guidance, 10 Steps to Cyber Security, Mr Lobban said the cyber threat was “one of the biggest challenges we face today”.

He said if companies did not have their defences right: “Your IT systems may have already been compromised, attackers could already have your new product plans, bidding positions or research, they may already be running your process control systems.

“Are you confident that this has not already happened to your business?”

He said: “The magnitude and temp of these attacks, basic or sophisticated, on UK and global networks pose a real threat to the UK’s economic security”.

But speaking to business leaders at a private meeting last night, Mr Lobban suggested companies were not taking the threat seriously enough.

He highlighted a survey earlier this year that found nearly nine in ten UK businesses were confident in their defences.

He said: “If that’s true, my experience suggests that such confidence is misplaced.”

Cyber crime is estimated to cost the UK around £27 billion a year and involves thousands of attacks around the world every day.

In July, MPs on the Commons Intelligence and Security Committee said Britain should declare cyber war on states and criminals who target the country by using aggressive retaliatory strikes to destroy their operations.

The latest move is the first time the Government and intelligence agencies have directly targeted business leaders on the issue.

The document also warns that hackers may target disaffected employees at companies as a back door through any security measures.